Introduction Flashcards

1
Q

What are the two main approaches to information security?

A

Resistance to particular threats, and maintenance of the security objectives set for the system's resources

2
Q

Threats can give rise to what?

A

Violations

3
Q

What are the three types of security violation?

A

Unauthorised information release, unauthorised information modification, and unauthorised denial of use

4
Q

Security violations can occur because of what three things?

A

Inadequate physical controls, inadequate controls within a computer system and inadequate controls for communications networks

5
Q

What is a vulnerability?

A

A vulnerability is a flaw in design or implementation of a system that could lead to a security violation

6
Q

In order to exploit a vulnerability, what must be assumed of attackers?

A

Attackers must know about the vulnerability and must be able (have the access and the means) to exploit it

7
Q

What are the two main types of attacker?

A

Insider attacker and Outsider attacker

8
Q

What is the CIA triad?

A

Confidentiality: prevention of unauthorised information release; Integrity: prevention of unauthorised information modification; Availability: prevention of unauthorised denial of use

9
Q

What can security be defined as in accordance with the CIA triad?

A

Security can be defined as meeting the CIA triad’s goals

10
Q

When is a security goal from the CIA triad met?

A

A security goal is met if and when the corresponding security violation does not occur

11
Q

Why is achieving a security goal difficult?

A

It is difficult to anticipate every way an attacker can cause a security violation

12
Q

What is confidentiality?

A

Confidentiality is about preventing users from reading information they are not supposed to

13
Q

What is integrity?

A

Integrity is ensuring that information is changed only in authorised ways, so that it remains as it is meant to be

14
Q

What is availability?

A

Availability is ensuring that services are accessible on demand for authorised users

15
Q

What is accountability?

A

Accountability is being able to attribute every action to the user who performed it, so that users can be held responsible for all of their actions

16
Q

What is reliability?

A

Reliability is ensuring that the service behaves consistently and correctly over time

17
Q

What is a security event?

A

A security event is an occurrence in a system which may indicate a security violation

18
Q

What is security event management?

A

Security event management is putting in place a defined procedure for reporting and managing security events
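
The two cards above, as an added example that is not part of the original deck: a small detector that reads constructed, syslog-like log lines, raises a security event whenever an occurrence may indicate one of the three violation types (unauthorised release, modification or denial of use), and then applies a defined reporting procedure that routes each event by severity. The log lines, thresholds, file list and severity table are all assumptions chosen for the illustration.

```python
"""Security event detection and a simple event-management (reporting) procedure.

Added example; the log lines below are constructed and the rules are assumptions.
"""
import re
from collections import defaultdict
from datetime import datetime, timedelta

# Constructed sample log (not from the page): an SSH brute force that succeeds,
# a sensitive-file write by an unexpected user, a service outage, and one benign failure.
SAMPLE_LOG = """\
2024-05-01T09:00:01 sshd[101]: Failed password for admin from 203.0.113.7 port 51000
2024-05-01T09:00:03 sshd[101]: Failed password for admin from 203.0.113.7 port 51001
2024-05-01T09:00:05 sshd[101]: Failed password for admin from 203.0.113.7 port 51002
2024-05-01T09:00:08 sshd[101]: Accepted password for admin from 203.0.113.7 port 51003
2024-05-01T09:05:00 auditd[55]: user=www-data wrote file=/etc/passwd
2024-05-01T09:10:00 monitor[9]: service=https status=down
2024-05-01T09:12:00 sshd[101]: Failed password for alice from 198.51.100.9 port 4000
"""

LINE_RE = re.compile(r"^(\S+) (\S+?)\[\d+\]: (.*)$")
FAILED_RE = re.compile(r"Failed password for (\S+) from (\S+)")
ACCEPTED_RE = re.compile(r"Accepted password for (\S+) from (\S+)")
WRITE_RE = re.compile(r"user=(\S+) wrote file=(\S+)")
DOWN_RE = re.compile(r"service=(\S+) status=down")

# Assumed detection parameters.
FAILURE_THRESHOLD = 3           # failed logins from one (user, source) pair ...
WINDOW = timedelta(minutes=5)   # ... within this window count as a brute-force event
PROTECTED_FILES = {"/etc/passwd", "/etc/shadow"}
TRUSTED_WRITERS = {"root"}

# Assumed severity table used by the reporting procedure.
SEVERITY = {
    "brute_force": "medium",
    "login_after_failures": "high",
    "protected_file_write": "high",
    "service_down": "medium",
}


def _event(ts, kind, goal, detail):
    """Build one security event: an occurrence that may indicate a violation of `goal`."""
    return {"time": ts, "kind": kind, "goal": goal, "severity": SEVERITY[kind], "detail": detail}


def detect_events(log_text):
    """Scan log lines and return the security events they may indicate, in log order."""
    events = []
    failures = defaultdict(list)  # (user, source) -> timestamps of recent failures
    for line in log_text.splitlines():
        m = LINE_RE.match(line)
        if not m:
            continue  # unparseable line: ignored here; a real pipeline would count these
        ts, msg = datetime.fromisoformat(m.group(1)), m.group(3)
        if (f := FAILED_RE.search(msg)):
            key = (f.group(1), f.group(2))
            failures[key] = [t for t in failures[key] if ts - t <= WINDOW] + [ts]
            if len(failures[key]) == FAILURE_THRESHOLD:  # fire once per run of failures
                events.append(_event(ts, "brute_force", "confidentiality",
                                     f"{FAILURE_THRESHOLD} failed logins for {key[0]} from {key[1]}"))
        elif (a := ACCEPTED_RE.search(msg)):
            key = (a.group(1), a.group(2))
            if len(failures[key]) >= FAILURE_THRESHOLD:  # success right after a brute force
                events.append(_event(ts, "login_after_failures", "confidentiality",
                                     f"login for {key[0]} from {key[1]} after repeated failures"))
        elif (w := WRITE_RE.search(msg)):
            user, path = w.group(1), w.group(2)
            if path in PROTECTED_FILES and user not in TRUSTED_WRITERS:
                events.append(_event(ts, "protected_file_write", "integrity",
                                     f"{user} modified {path}"))
        elif (d := DOWN_RE.search(msg)):
            events.append(_event(ts, "service_down", "availability",
                                 f"service {d.group(1)} reported down"))
    return events


def manage(events):
    """Defined reporting procedure: high severity is escalated, the rest is ticketed."""
    routed = {"escalate": [], "ticket": []}
    for ev in events:
        routed["escalate" if ev["severity"] == "high" else "ticket"].append(ev)
    return routed


if __name__ == "__main__":
    for route, evs in manage(detect_events(SAMPLE_LOG)).items():
        for ev in evs:
            print(f"{route:8} {ev['time']:%H:%M:%S} {ev['goal']:15} {ev['detail']}")
```

The single failed login for `alice` produces no event: an occurrence only becomes a security event when it may indicate a violation, and one failure does not meet the assumed threshold.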

19
Q

What is data privacy?

A

The notion of protecting someone’s Personally Identifiable Information (PII)

20
Q

What is the difference between computer security and network security?

A

Computer security is the protection of data stored on a computer system (data at rest), while network security is the protection of data in transit

21
Q

What is a security policy?

A

A policy is the ‘intentions and direction of an organisation as formally expressed by its top management’. A security policy is a policy that ‘includes security objectives or provides the framework for setting information security objectives’

22
Q

What are security objectives?

A

Security objectives are the goals of the information security management system related to the assets of an organisation and the criticality of the assets

23
Q

What are security controls?

A

A security control is a measure that reduces risk. Controls include policies, processes and devices

24
Q

What is risk assessment?

A

Risk assessment is the ‘overall process of risk identification, risk analysis, and risk evaluation’

25
Q

What is risk analysis?

A

Risk analysis is the ‘process to comprehend the nature of risk and to determine the level of risk’

26
Q

What are risk criteria?

A

Risk criteria are the ‘terms of reference against which the significance of risk is evaluated’

27
Q

What is risk evaluation?

A

Risk evaluation is the ‘process of comparing the results of risk analysis with risk criteria to determine whether the risk and/or its magnitude is acceptable or tolerable’

28
Q

What is risk treatment?

A

Risk treatment is the ‘process of modifying risk’, whether by accepting (retaining) it or by introducing controls to reduce it
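
The five cards above describe one procedure: risk analysis determines a level of risk, risk evaluation compares that level with the risk criteria, and risk treatment modifies the risk. The following is an added example, not code from the original deck, that runs that procedure over a small constructed risk register. The asset names, the 1 to 5 likelihood and impact scores, the criteria thresholds and the assumed effect of a control are all illustrative assumptions.

```python
"""Risk analysis, evaluation and treatment over a constructed risk register.

Added example with assumed scores and criteria; it is not the page's own method.
"""

# Constructed risk register (hypothetical assets and threats).
# likelihood and impact are ordinal scores from 1 (lowest) to 5 (highest).
RISK_REGISTER = [
    {"id": "R1", "asset": "customer database", "threat": "SQL injection", "likelihood": 4, "impact": 5},
    {"id": "R2", "asset": "public website", "threat": "volumetric DDoS", "likelihood": 3, "impact": 3},
    {"id": "R3", "asset": "office printer", "threat": "firmware tampering", "likelihood": 1, "impact": 2},
    {"id": "R4", "asset": "backup server", "threat": "ransomware", "likelihood": 2, "impact": 5},
]

# Assumed risk criteria: the terms of reference the evaluation compares against.
RISK_CRITERIA = {
    "acceptable_max": 4,    # level <= 4: acceptable, retain the risk
    "tolerable_max": 12,    # level <= 12: tolerable, retain but monitor
    "critical_impact": 5,   # impact 5 with likelihood >= 2 is never tolerable
}

# Assumed effect of a reducing control: it lowers likelihood to 1, impact is unchanged.
CONTROLLED_LIKELIHOOD = 1


def analyse(risk):
    """Risk analysis: determine the level of risk as likelihood x impact."""
    return risk["likelihood"] * risk["impact"]


def evaluate(likelihood, impact, criteria=RISK_CRITERIA):
    """Risk evaluation: compare a level with the criteria; returns the verdict."""
    level = likelihood * impact
    if impact >= criteria["critical_impact"] and likelihood >= 2:
        return "unacceptable"
    if level <= criteria["acceptable_max"]:
        return "acceptable"
    if level <= criteria["tolerable_max"]:
        return "tolerable"
    return "unacceptable"


def treat(risk, verdict):
    """Risk treatment: pick an option and, where controls are applied, the residual level."""
    if verdict == "acceptable":
        return {"option": "retain", "residual_level": analyse(risk)}
    if verdict == "tolerable":
        return {"option": "retain and monitor", "residual_level": analyse(risk)}
    # Unacceptable: try a reducing control and re-evaluate the residual risk.
    residual_level = CONTROLLED_LIKELIHOOD * risk["impact"]
    if evaluate(CONTROLLED_LIKELIHOOD, risk["impact"]) != "unacceptable":
        return {"option": "reduce", "residual_level": residual_level}
    # A control alone is not enough: the risk must be avoided or shared (for example insured).
    return {"option": "avoid or share", "residual_level": residual_level}


def assess(register):
    """Run analysis, evaluation and treatment for every risk, highest level first."""
    rows = []
    for risk in register:
        level = analyse(risk)
        verdict = evaluate(risk["likelihood"], risk["impact"])
        rows.append({"id": risk["id"], "level": level, "verdict": verdict, **treat(risk, verdict)})
    return sorted(rows, key=lambda r: r["level"], reverse=True)


if __name__ == "__main__":
    for row in assess(RISK_REGISTER):
        print(f"{row['id']} level={row['level']:2} {row['verdict']:12} -> "
              f"{row['option']} (residual {row['residual_level']})")
```

Note that R4 has a lower level (10) than the tolerable threshold but is still unacceptable because the criteria single out high-impact risks; evaluation is a comparison against the criteria, not just against a number.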